Forum Discussion
iRule for custom traffic flow
- Mar 20, 2017
Matt,
To perform this action, there are a couple things you need.
- Client-ssl and server-ssl profile on the virtual server.
- Identify requests with content.
Here is a simple example iRule that should accomplish what you need. I'm working under the assumption any POST will have content you want to inspect.
    when HTTP_REQUEST {
        # remember the virtual server's default pool on the first request
        if {![info exists DEFAULT_POOL]} { set DEFAULT_POOL [LB::server pool] }
        set INSPECT 0
        if {[HTTP::method] eq "POST"} {
            # request should contain content, select the inspection pool
            pool inspection_servers
            set INSPECT 1
        } else {
            pool $DEFAULT_POOL
        }
    }
    when SERVER_CONNECTED {
        # do not encrypt server-side if destined to inspection pool
        if {$INSPECT} { SSL::disable }
    }
If you use a OneConnect profile, you should be able to remove the default pool selection as long as you're not running 11.5.3 HF2 or 12.0.0 - 12.0.0 HF3.
    when HTTP_REQUEST {
        set INSPECT 0
        if {[HTTP::method] eq "POST"} {
            # request should contain content, select the inspection pool
            pool inspection_servers
            set INSPECT 1
        }
    }
    when SERVER_CONNECTED {
        # do not encrypt server-side if destined to inspection pool
        if {$INSPECT} { SSL::disable }
    }
As with anything, there is often more than one answer. Hopefully this will at least point you in the right direction.
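A variant of the iRule in the reply above that performs the "identify requests with content" step from the request headers instead of the method, so a PUT or PATCH with a body is also sent for inspection. This is an added example, not part of the original reply; it reuses the `inspection_servers` pool name from the post, and treating a Content-Length other than "0" or a chunked Transfer-Encoding as "has content" is an assumption.

```tcl
when HTTP_REQUEST {
    # Remember the virtual server's default pool on the first request,
    # as in the iRule from the reply.
    if {![info exists DEFAULT_POOL]} { set DEFAULT_POOL [LB::server pool] }
    set INSPECT 0
    set has_body 0

    # Any Content-Length other than exactly "0" counts as a body. A missing
    # header is not a body, but a malformed value is, so a request the
    # BIG-IP cannot classify is inspected rather than skipped.
    if {[HTTP::header exists "Content-Length"]} {
        if {[string trim [HTTP::header value "Content-Length"]] ne "0"} {
            set has_body 1
        }
    }

    # Chunked uploads carry no Content-Length, so check for them separately.
    if {[string tolower [HTTP::header value "Transfer-Encoding"]] contains "chunked"} {
        set has_body 1
    }

    if {$has_body} {
        pool inspection_servers
        set INSPECT 1
    } else {
        pool $DEFAULT_POOL
    }
}
when SERVER_CONNECTED {
    # Traffic to the inspection pool leaves the BIG-IP unencrypted; every
    # other pool keeps the server-ssl profile.
    if {$INSPECT} { SSL::disable }
}
```

Because the inspection leg is clear text, the path between the BIG-IP and the inspection pool members should be a network segment you trust to carry the decrypted content.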
Matt,
It is quite possible I did not understand your original question. Here is my interpretation.
Current configuration:
- File transferred from client to server_1 via HTTPS and F5 virtual server.
- File transferred from server_1 to server_2 via HTTPS and F5 virtual server.
- File transferred from client to server_1 via HTTPS and F5 virtual server.
- File transferred from server_1 via HTTPS and F5 virtual server to:
Is this correct? Are there any additional steps or something else missing?
In step 2, if an HTTP(S) transfer is initiated from server_1 to server_2, server_1 is acting as an HTTP client.